this post was submitted on 24 Nov 2024
1513 points (92.5% liked)

Technology

60012 readers
2804 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 0 points 3 weeks ago (2 children)

But only twice. You know the problem with having a network port on a usb is that the laptop no longer has a unique mac address, which can cause problems with authentication in a corporate environment. So when building devices or using mac auth it can be a nightmare.

[–] [email protected] 2 points 3 weeks ago (1 children)

MAC is useless as a component of the security check. It's trivial to change; either with a dongle, as you said, or in the network configuration of every major and minor OS.

[–] [email protected] 2 points 3 weeks ago

But if i am authenticating a unique third party laptop i could use the mac address and apply a profile in clearpass to authenticate it and apply an ACL to lock the device down as a separate measure to creating a separate vlan for the device.

I wouldn't have called it useless in that regard. But im fairly new to network administration, so perhaps i am not well versed enough to know better.

Our clearpass servers struggle sometimes, and i experience timeouts or rejections when a laptop moves from one usb c docking station to another if they fail dot1x and revert to mab.

Also all of this aside, the fact that all the ports got removed from a laptop and now you have to plig in a £60-100 dock to get all those ports back is an absolute con.

[–] [email protected] 1 points 3 weeks ago (1 children)

There's always a MAC address, it's just the dongle's then.

[–] [email protected] 1 points 3 weeks ago

But thats the dongles mac address. They break. They get passed around and used in multiple devices. If i am trying to authenticate a third party laptop and they are moving from dock to dock then i cant use the unique hardware ID to identify that hardware. I can only see where to dongle is.

In theory its all well and good saying the dongle will stay with the laptop or the mac isn't a useful tool for authentication. But in practice in the wonderful wild world of IT. Its never that straightforward.

Its crap for asset registers, its crap for authentication servers and its crap for finding devices on switches with mac address tables.

I know there are other ways, but network ports aside, why am i buying a £60-£100 docking station to get all those ports back? I had them in my laptop. Now i have to spend more money to get them back and rely on a bit of cheap hardware that needs drivers, updates, and has breakable wires and ports to provide the functionality that was built in to my older devices.

There are advantages, but they dont outweigh the disadvantages. They just make it cheaper to manufacture laptops.